GNU bug report logs - #17334
24.3; Crash in cmdproxy.exe

Previous Next

Package: emacs;

Reported by: Sohail Somani <sohail <at> taggedtype.net>

Date: Thu, 24 Apr 2014 16:38:02 UTC

Severity: normal

Found in version 24.3

Done: Eli Zaretskii <eliz <at> gnu.org>

Bug is archived. No further changes may be made.

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 17334 in the body.
You can then email your comments to 17334 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to bug-gnu-emacs <at> gnu.org:
bug#17334; Package emacs. (Thu, 24 Apr 2014 16:38:03 GMT) Full text and rfc822 format available.
Acknowledgement sent to Sohail Somani <sohail <at> taggedtype.net>:
New bug report received and forwarded. Copy sent to bug-gnu-emacs <at> gnu.org. (Thu, 24 Apr 2014 16:38:04 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Sohail Somani <sohail <at> taggedtype.net>
To: bug-gnu-emacs <at> gnu.org
Subject: 24.3; Crash in cmdproxy.exe
Date: Wed, 23 Apr 2014 23:58:57 -0400

There is a "bug" in cmdproxy.exe which should never happen, but does
anyway. In make_absolute, there is the following code:

  strncpy(dir, path, p - path);
  dir[p - path] = '\0';

If p-path > sizeof(dir), a buffer overrun occurs.

I came across this problem because I accidentally used ':' as a
separator when constructing the PATH variable in Emacs.

Thanks,

Sohail
Reply sent to Eli Zaretskii <eliz <at> gnu.org>:
You have taken responsibility. (Sat, 26 Apr 2014 07:09:02 GMT) Full text and rfc822 format available.
Notification sent to Sohail Somani <sohail <at> taggedtype.net>:
bug acknowledged by developer. (Sat, 26 Apr 2014 07:09:02 GMT) Full text and rfc822 format available.

Message #10 received at 17334-done <at> debbugs.gnu.org (full text, mbox):

From: Eli Zaretskii <eliz <at> gnu.org>
To: Sohail Somani <sohail <at> taggedtype.net>
Cc: 17334-done <at> debbugs.gnu.org
Subject: Re: bug#17334: 24.3; Crash in cmdproxy.exe
Date: Sat, 26 Apr 2014 10:08:23 +0300

> Date: Wed, 23 Apr 2014 23:58:57 -0400
> From: Sohail Somani <sohail <at> taggedtype.net>
> 
> There is a "bug" in cmdproxy.exe which should never happen, but does
> anyway. In make_absolute, there is the following code:
> 
>    strncpy(dir, path, p - path);
>    dir[p - path] = '\0';
> 
> If p-path > sizeof(dir), a buffer overrun occurs.
> 
> I came across this problem because I accidentally used ':' as a
> separator when constructing the PATH variable in Emacs.

Thanks, this is now fixed for Emacs 24.4 (revision 117021 on the
emacs-24 branch).
bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Sat, 24 May 2014 11:24:04 GMT) Full text and rfc822 format available.
This bug report was last modified 9 years and 361 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.